Florian Pflug <fgp@phlo.org> writes:
> I wonder though if shouldn't restrict the allowed ciphers list to being
> a simple list of supported ciphers. If our goal is to support multiple
> SSL libraries transparently then surely having openssl-specific syntax
> in the config file isn't exactly great anyway...
No, we don't want to go there, because then we'd have to worry about
keeping the default list in sync with what's supported by the particular
version of the particular library we chance to be using. That's about
as far from transparent as you can get. A notation like "DEFAULT"
is really quite ideal for our purposes in that respect.
regards, tom lane
